Developer plans NSA-proof messaging app in bid for privacy

STOCKHOLM, Sweden -- Peter Sunde evidently knows a thing or two about secrecy.

The co-founder of the song and film-sharing website The Pirate Bay revealed the venue for an interview for this article by emailing a Google Maps link, which when opened, shows a nondescript Konditori, the Swedish equivalent of an old-fashioned diner.

It's the kind of place, he says smiling as he orders coffee, where you can more or less guarantee you won't be seen by anyone under the age of 50.

Advertisement

Just days before, Sunde announced plans to launch a smartphone app that will allow users to send messages safe from the prying eyes of the world's intelligence agencies.

Called 'Heml.is', from the Swedish for secrecy, the idea is to bring the encrypted communication used by hackers and political activists to the masses.

He's apparently hit on an unmet need. In the 36 hours before we met, Heml.is raised $152,300 from 10,450 backers by doing nothing more than setting up a website and sending out a couple of tweets.

"It's an insane amount of money," Sunde says. "We expected a fraction of that, maybe ten thousand or something. It shows how important everybody thinks this question really is. This is not something where people question whether or not it should exist."

The revelations about surveillance from whistleblower Edward Snowden have clearly made an impact.

Neither Sunde nor his co-founders Linus Olsson and Leif Högberg were surprised by evidence that Google, Facebook, Microsoft, and Apple, among others, have been giving the US National Security Agency access to their user data.

But Olsson believes that for the first time, non-technical people now also understand what that means.

"It's this fire-hose thing, that you can suck in everything, you can index it and you can search for information... forever," he argues. "I don't think people had understood that, and that's really the big consequence. The idea of wire-tapping has been going on forever, and that's not really a problem. The problem is the scale of all of it, and what that scale makes it possible to do."

Since the surveillance is being carried out by the American government, and because US-based companies handle the overwhelming majority of global web communication, citizens of other countries are left powerless, Sunde adds.

"You have no democratic possibility of saying 'no' to it because they're deciding that for themselves, which is just like not OK, because we can do nothing where we live," he says. "We can't vote for someone to stop doing it, and that sucks."

That's why he thinks it's important for Heml.is to be based in Europe, and will refuse any institutional funding, which will make it more difficult for the United States to pressure it in the future.

Sunde downplays his major potential obstacle: the 8-month prison sentence he has yet to serve for running The Pirate Bay, and his part of an $11 million fine.

"I can't really own anything," he explains. "I just have a huge debt in Sweden, but as I don't live in Sweden, I don't have that problem." Refusing to pay is a matter of principle.

Although members of his team are still in the stage of throwing around ideas, they already know they will need to do more than simply encrypt messages.

"Let's say I send you an email that's encrypted, Sunde explains. "The government can still see that I sent an email to you, so they can build a sort of sociogram. Our focus is on the infrastructure as well."

Instead of encrypting individual messages, Sunde plans to collect them at Heml.is servers located in each country it operates and encrypt them in bulk. They would then be sent across borders before being decrypted in bulk and delivered locally.

"They can see there's a big package coming from our system, but they can't see who's sending it," he elaborates.

However, his mission is as much about usability as it is about secrecy.

"If we do a perfect application, with perfect encryption and people don't use it, we will have utterly failed," says Leif Högberg, Sunde's co-founder. "It must have scale."

None of the existing encrypted messaging apps do that, he argues. "None of them are user-friendly. Not a single one. Why aren't you using them? 'Can you please meet me at this street corner so we can exchange cryptographic keys?' I mean, come on, it's not going to happen."

However, making Heml.is useable will require making compromises. For example, the app will have to mine users' existing contacts lists for other Heml.is users.

"It's impossible to reach scale if you have to search for people or make a friend connection," Högberg says. "That will surely be something that encryption experts will tank us for."

More from GlobalPost: Pirate Bay founders are going to jail

One of the other questions is how to get users to generate a unique user key in an unobtrusive way. Ideas include getting them to draw pictures or simply using background noise from the microphone.

The three admit that such questions aren't close to being answered at present. They were expecting their fundraising to take at least a month, during which they had intended to recruit their teams and develop ideas. The process took a mere three days.

Sunde refuses to set a launch date. "Right now," he admits, "it's just chaos."